pyftpdlib

Tls1.2 support

Open sourabhyadavgit opened this issue 4 years ago • 3 comments

Does this support TLS 1.2? When I try updating ssl_protocol to ssl.protocol_TLSv1_2, it fails to connect with clients using TLS 1.2. When set back to 1.0, it works fine with clients.

sourabhyadavgit, Jul 03 '20 15:07

Hello there. I think this should work (not tested):

```python
from OpenSSL import SSL
from pyftpdlib.authorizers import DummyAuthorizer
from pyftpdlib.handlers import TLS_FTPHandler
from pyftpdlib.servers import FTPServer

# Anonymous, read-only access to the current directory
authorizer = DummyAuthorizer()
authorizer.add_anonymous('.')

handler = TLS_FTPHandler
handler.certfile = "/path/to/certfile.pem"
handler.authorizer = authorizer
# pyOpenSSL method constant: the server speaks TLS 1.2 only
handler.ssl_protocol = SSL.TLSv1_2_METHOD

# Listen on all interfaces, port 2121
server = FTPServer(('', 2121), handler)
server.serve_forever()
```

Also, as a note to self: the current default is SSL.SSLv23_METHOD. That is probably too old. I'm going to file an issue on the tracker.

View it on GitHub: https://github.com/giampaolo/pyftpdlib/issues/535

-- Giampaolo - gmpy.dev https://gmpy.dev/about

giampaolo, Jul 03 '20 22:07

Thanks a lot giampaolo :+1: it worked. One more thing I was thinking of amending was listing the ciphers our server supports, but I couldn't work out which socket to use for this from the class. If I get the socket or function details, I can try to update it to decrypt client certificates to match host name or any other fields. Apologies if it's easy, but I'm relatively new to Python.

sourabhyadavgit, Jul 04 '20 14:07

Hi, I dug into an issue where files uploaded to pyftpdlib with lftp 4.8.4 / GnuTLS 3.7.1 (Debian stable) were truncated above a certain size. I guess lftp/GnuTLS doesn't correctly handle SSLv23_METHOD.

Using TLSv1_2_METHOD fixed the issue. Maybe this should become the default? I'm not a TLS/SSL expert, but it seems to me that TLSv1.2 should always be preferred now.

philpep, Aug 19 '22 10:08
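A client-side check for the setting discussed in this thread, added here as an example (it is not part of the thread or of pyftpdlib): it connects with the standard-library ftplib, issues AUTH TLS, and reports which protocol version the server negotiated. The function names, the `localhost` target and the TLS 1.2 floor are assumptions; port 2121 comes from the server snippet in the thread.

```python
import ftplib
import ssl

# Version strings as returned by ssl.SSLSocket.version(), oldest first.
_ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]


def meets_floor(negotiated, floor="TLSv1.2"):
    """True if the negotiated protocol string is at least `floor`."""
    if negotiated not in _ORDER:
        return False  # unknown value or no TLS at all: treat as a failure
    return _ORDER.index(negotiated) >= _ORDER.index(floor)


def client_context(cafile=None, lowest=ssl.TLSVersion.TLSv1_2):
    """Verifying client context; `lowest` is the oldest version it offers."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = lowest
    return ctx


def probe_ftps(host, port=2121, cafile=None, timeout=5.0):
    """Run AUTH TLS against an explicit-FTPS server and report the result."""
    ftp = ftplib.FTP_TLS(context=client_context(cafile), timeout=timeout)
    try:
        ftp.connect(host, port)
        ftp.auth()  # sends AUTH TLS and wraps the control socket
        version = ftp.sock.version()
        cipher = ftp.sock.cipher()[0]
        return {"ok": meets_floor(version), "version": version, "cipher": cipher}
    except (ssl.SSLError, ftplib.Error, EOFError, OSError) as exc:
        # e.g. server pinned to TLS 1.0/1.1, untrusted certificate, no listener
        return {"ok": False, "version": None, "error": f"{type(exc).__name__}: {exc}"}
    finally:
        ftp.close()


if __name__ == "__main__":
    # Assumed target: the server from the thread, running on localhost:2121.
    # Pass cafile=<server certificate> when that certificate is self-signed.
    print(probe_ftps("localhost"))
```

Certificate verification stays on, so a self-signed server certificate shows up as a `CertificateError` or `SSLCertVerificationError` in the `error` field rather than as a protocol failure.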